15 Steps to a GDPR Compliant Blog

The announcement of the GDPR in early 2018 was enough to make even the most experienced bloggers tremble in their boots. It sent a lot of bloggers into a whirlwind, and very few people had a grasp of what it was, myself included.

What we did know was that it would mean more rules to follow and more work, or we would face hefty fines. Ugh…

The good news is that it’s been a while since the announcement of the GDPR, and the deadline to be compliant has come and gone. Tons of bloggers and companies have done a lot of research to make sure they are GDPR compliant.

Why is this good for you? You get to benefit from a simplified list of “Things To Do” in order to become GDPR compliant.

What is the GDPR?

Before we dive into compliance, let’s discover what the heck the GDPR is.

GDPR stands for General Data Protection Regulation and according to EWGDPR.org, the GDPR is meant to protect all EU (European Union) citizens from privacy and data breaches.

The biggest change of the GDPR is that it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. In plain terms, if there is a chance someone from the EU will visit your page, you have to comply.

How to be GDPR Compliant

Before we get started I have to say this is in no way legal advice for the GDPR.

There are steps I have taken on my blog to ensure my policies are up to date and compliant with the GDPR. Every business is different, and this list is a guide to using the best free resources to help you become GDPR compliant.

1. If you have more than one blog, ensure they’re all connected with your main WordPress.com account

If you’re just starting to blog you won’t have to worry about this but if you choose to start another site (or several) make sure they’re all connected to one primary WordPress.com account.

This way, when you upload a required plugin it uploads once rather than having to be uploaded and activated for each site, a huge time-saver!

2. Download the Following Plugins

WP GDPR Compliance: This lets users submit data requests through WordPress in a way that is secure for the user. A request can only be processed by clicking a link in their email, from the same device and IP address. It also allows you to easily add a checkbox to forms on your website, currently supporting Contact Form 7, Gravity Forms, WooCommerce, and WordPress Comments.

4. Integrate Google Recaptcha For Contact Form 7

You will then see a page like the one shown below. Add your domain name, then choose reCAPTCHA v2.

A box will pop up and you will have to enter your full domain address.

Once you select ‘Register’ you will get a Site Key and a Secret Key.

Return to the WordPress Dashboard, hover over ‘Contact’, then select ‘Integration’; you will be able to enter your Site Key and Secret Key here.

5. Create a Privacy Policy page (or update your current one)

The resource I used to create my Privacy Policy is SEQ Legal. Their Privacy Policy includes a lot of optional text plus parts you are REQUIRED to edit, so go through the policy to ensure it meets your needs and to make sure your privacy policy is set up the right way.

Fair warning: these policies were created in the EU, so you may have to edit the text a bit, but since their policy is currently the strictest I feel confident I am compliant with other laws as well. I encourage you to do your own research or talk to a lawyer if you have any questions.

To create your privacy page your WordPress install has to be up to date, because only version 4.9.6 (and later) has a built-in “Privacy” link located under ‘Settings’ on the WordPress Dashboard.

A new page will be created and you will be able to copy and paste your new privacy policy here.

6. Edit Your Privacy Policy Page With Links To 3rd Party Services You Use

Create a list of all the companies that handle data on behalf of your business. The list should include Google, Facebook, your hosting company, autoresponder, and tracking services.

Include this list in your privacy policy with a link to each service’s privacy policy.

7. Create a Form for the Specific Purpose of Users Contacting You About Their Data

Once you have your privacy policy created, GDPR also requires you to add the following:

Data Rectification which allows users to adjust their information.

Data Access which allows users to see what records you hold.

The ‘Right To Be Forgotten’ which allows users to be removed from your records.

A Data Breach Process which states what will happen in the case of a data breach or website hack.

In order to fulfill the requirements, take the following steps:

Go to ‘Contact’ on the WordPress Dashboard and select ‘Contact Forms’ from the dropdown.

When Contact Form 7 is uploaded, it automatically creates a standard form and shortcode. Copy the shortcode located in the box on the page.

Create a new page titled ‘Data Access Request’ and include a short paragraph explaining that users are allowed to access, modify, and request deletion of their data at any time.

Create and link to a ‘Data Request Access’ page allowing users to be automatically emailed their data or have their data removed (fulfilling requirements 2 and 3).

Write a paragraph on what will happen if their data is breached, such as in the case of a website hack or stolen data (fulfilling requirement 4). Example: In the event of any data breach from our servers or third-party providers, we will contact all concerned parties within 72 hours and follow up with any details if required.
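The WP GDPR Compliance plugin (step 2) and the data access request page (step 7) both rely on the same idea: the emailed link only works for the person who asked, from the same device and IP, and only for a limited time. The following is an added illustration of how such a confirmation link can be built and checked; it is not the plugin’s own code, and the server secret, the 24-hour lifetime and the IP plus browser string used as the device fingerprint are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed secret for this example; a real site loads it from configuration.
SERVER_SECRET = b"example-only-secret-replace-me"
TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime of the emailed link


def _fingerprint(ip: str, user_agent: str) -> str:
    """Hash of the requesting device's IP address and browser string."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


def issue_request_token(email: str, ip: str, user_agent: str, now: Optional[int] = None) -> str:
    """Build the signed payload placed in the confirmation link that is emailed to the data subject."""
    if "|" in email:
        raise ValueError("separator character not allowed in email")
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)  # record as consumed server-side once the link is used
    payload = f"{email}|{_fingerprint(ip, user_agent)}|{issued}|{nonce}"
    sig = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_request_token(token: str, ip: str, user_agent: str, now: Optional[int] = None) -> Optional[str]:
    """Return the confirmed email address, or None if the link is forged, expired, or opened elsewhere."""
    try:
        email, fp, issued, nonce, sig = token.split("|")
        issued_at = int(issued)
    except ValueError:
        return None  # malformed link
    payload = f"{email}|{fp}|{issued}|{nonce}"
    expected = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # signature mismatch: the link was altered or never issued by us
    current = int(now if now is not None else time.time())
    if current < issued_at or current - issued_at > TOKEN_TTL_SECONDS:
        return None  # link has expired (or carries a future timestamp)
    if not hmac.compare_digest(fp, _fingerprint(ip, user_agent)):
        return None  # opened from a different device or IP than the one that asked
    return email
```

Only after verification succeeds would the site email the stored records or delete them, and the nonce should be marked used so the same link cannot be replayed.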

8. Download Other Legal Files & Create Pages

Having the Privacy Policy page done is awesome and a step in the right direction, but there are quite a few other pages you need in order to be compliant with the GDPR, including:

GDPR Compliance

GDPR compliance requires you to up your game when it comes to protecting your readers’ privacy. Admittedly, it requires more work, but it’s ultimately a good thing to be able to give our readers the assurance that their information is safe.

Hopefully this list has made it a little clearer what the GDPR is and easier for you to meet the requirements.

Want to keep this article for later? Click ‘Read Later’ below to have the post emailed to you. Or sign up for access to my FREE Resource Library to download a Printable Checklist to help make your blog GDPR compliant.


Hi, my name is Deja Cronley and I’ve managed to build two successful blogs including this one; it launched in April 2018 and already has over 1,000 subscribers and followers. You can read about my journey ‘From Bankruptcy to Financial Freedom’ here. Want to chat about your blog? Contact me, I love hearing from my readers.
